Weeky Security Roundup #46: The Flaws in Our Cyber Defenses
Basic cyber security skills and knowledge will become essential in the coming years
“To err is human,” Alexander Pope said centuries ago, and nothing had changed since. It’s natural that what we, as humans, create to be imperfect, so we shouldn’t dwell on it. On the opposite: with this important lesson in mind, we should mobilize to find solutions to the problems we inadvertently or knowingly create.
The same is valid for cyber security. Traditional antivirus products aren’t able to detect, block and remove second generation malware as fast as malware creators are capable of deploying it. It’s a fact, but that doesn’t mean that there’s nothing that users can do about it. There are solutions to enhancing their cyber security, but users have to put some effort into educating themselves, which will become an essential skill in the coming years.
That’s why we try to contribute by simplifying the complex world of cyber security into articles that everyone can understand. It’s exactly what we did this week when we exposed 10 Reasons Why Your Traditional Antivirus Can’t Detect Second Generation Malware. And we did the same today, when we shared how the latest spam campaign that deploys CryptoWall 3.0 works and how users can get protected (Free security guide against ransomware inside).
Even our CEO, Morten Kjaersgaard, pitched in, weighing in on the subject of cyber extortion and the companies that fall victims to this tactic in this article on Bloomberg.com.
And now it’s time to see what other important news have made it in our top 10 headlines, because the Weekly Security Roundup is here!
Security articles of the week
This simple method of exploiting vulnerabilities in the beloved messaging app could have spelled disaster for its 200+ million users, but the web service rushed to patch things and close the security holes. Still, this shows once again that users need to be more proactive about their cyber defenses.
A malvertizing campaign that had corrupted Yahoo’s advertising network had been going on for over a month without being stopped, exposing billions of Internet users to potential infections. We’ve discussed about the dangers of malvertising and the numbers behind this threat and it’s clear that just adopting the “it can’t happen to me” policy is a recipe for failure. Internet users, beware!
It can happen to security vendors too! Both companies experienced public disclosures of the newly-found security holes in their products and quickly patched them, but we still urge users to never put all their eggs in one basket and use a multi-layered security system.
Luis Corrons, the Director of Pandalabs, the laboratory which Panda Security set up to fight against malware, gave a very good interview, sharing one important piece of advice that all cyber security aware companies should live by:
Companies should act as if they’ve already been attacked, if they really want to remain safe.
It may sound dramatic, but it’s true.
Brian Krebs shared the good news:
Authorities in Europe have arrested alleged key players behind the development and deployment of sophisticated banking malware, including Citadel and Dridex. The arrests involved a Russian national and a Moldovan man, both of whom were traveling or residing outside of their native countries and are now facing extradition to the United States.
When attacks become more specific and targeted, so should cyber security. Companies have to expand their capabilities, understand current threats and educate their employees to become part of their defenses.
The controversial public figure announced his intent to run for the US’s Presidency in 2016, founding a party focused on security and privacy issues, which we hope will continue to climb the public agenda and garner the users’ interest going forward.
It seems that nothing can scare medical institutions into investing in better cyber security and data management.
The healthcare sector has been hit by yet another massive hack attack. Health insurer Excellus BlueCross BlueShield says a cyber-attack that began in December 2013 wasn’t discovered until Aug. 5, 2015. The breach potentially exposed personal information on 10.5 million of its health plan members and other individuals.
Although the breach was discovered during a forensic assessment of the company’s cyber defenses, the fact that it had been going on for almost two years is the most worrisome part. Again, cyber criminals prove their ability to evade detection and infiltrate systems without triggering any alarm.
In the quest to make our lives easier, we have also begun to endanger them more and more.
Over recent years, automakers have provided advanced technology within vehicles to help keep drivers safe while on the road. Today, over 50% of vehicles in the United Stated are connected and this number is likely to continue increasing every year. However, while voice activated technology, keyless entry, and other safety features may provide convenience and help reduce accidents, car buyers should be aware vehicles connected to the internet can be hacked in similar ways as a computer or mobile phone.
If your car is connected to the Internet, it can be hacked. Cyber criminals could take control over it and put your life or your loved ones’ lives in danger. Are you sure you want to see this happen? If not, learn about it and contribute to the discussion. There are plenty of things we need to do.
You may read quite often in the news about takedown operations carried out by cyber task forces around the world, aimed at dismantling and blocking cyber crime rings and their malicious networks. It may seem like these actions are only a drop in the ocean, comparing it to the breadth and impact of cyber attacks, but it turns out that their effects are increasingly effective:
What’s changed is that law enforcement, threat intelligence and financial institutions are collaborating much more closely.
Says financial fraud expert Avivah Litan, an analyst with consultancy Gartner.
Also, everyone is getting better at attribution, i.e., finding the hackers behind the malware.
Moreover, cyber espionage attempts are also intercepted and blocked before they cause even more damage, which is great news for everyone who wants a safer web and more secure technology.
We may have a long way to go to reach satisfactory levels of cyber security for all Internet users, but steady, constant steps will get us there!